<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>elasticsearch-saml-metadata | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'saml-metadata.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/saml-metadata.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/saml-metadata.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/saml-metadata.html" rel="nofollow" target="_blank">../en/saml-metadata.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="commands.html">Command line tools</a></span>
»
<span class="breadcrumb-node">elasticsearch-saml-metadata</span>
</div>
<div class="navheader">
<span class="prev">
<a href="node-tool.html">« elasticsearch-node</a>
</span>
<span class="next">
<a href="setup-passwords.html">elasticsearch-setup-passwords »</a>
</span>
</div>
<div class="chapter xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="saml-metadata"></a>elasticsearch-saml-metadata<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/commands/saml-metadata.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>The <code class="literal">elasticsearch-saml-metadata</code> command can be used to generate a SAML 2.0 Service
Provider Metadata file.</p>
<h3>
<a id="_synopsis_6"></a>Synopsis<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/commands/saml-metadata.asciidoc">edit</a>
</h3>
<div class="pre_wrapper lang-shell">
<pre class="programlisting prettyprint lang-shell">bin/elasticsearch-saml-metadata
[--realm &lt;name&gt;]
[--out &lt;file_path&gt;] [--batch]
[--attribute &lt;name&gt;] [--service-name &lt;name&gt;]
[--locale &lt;name&gt;] [--contacts]
([--organisation-name &lt;name&gt;] [--organisation-display-name &lt;name&gt;] [--organisation-url &lt;url&gt;])
([--signing-bundle &lt;file_path&gt;] | [--signing-cert &lt;file_path&gt;][--signing-key &lt;file_path&gt;])
[--signing-key-password &lt;password&gt;]
[-E &lt;KeyValuePair&gt;]
[-h, --help] ([-s, --silent] | [-v, --verbose])</pre>
</div>
<h3>
<a id="_description_6"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/commands/saml-metadata.asciidoc">edit</a>
</h3>
<p>The SAML 2.0 specification provides a mechanism for Service Providers to
describe their capabilities and configuration using a <em>metadata file</em>.</p>
<p>The <code class="literal">elasticsearch-saml-metadata</code> command generates such a file, based on the
configuration of a SAML realm in Elasticsearch.</p>
<p>Some SAML Identity Providers will allow you to automatically import a metadata
file when you configure the Elastic Stack as a Service Provider.</p>
<p>You can optionally select to digitally sign the metadata file in order to
ensure its integrity and authenticity before sharing it with the Identity Provider.
The key used for signing the metadata file need not necessarily be the same as
the keys already used in the saml realm configuration for SAML message signing.</p>
<p>If your Elasticsearch keystore is password protected, you
are prompted to enter the password when you run the
<code class="literal">elasticsearch-saml-metadata</code> command.</p>
<h3>
<a id="_parameters_10"></a>Parameters<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/commands/saml-metadata.asciidoc">edit</a>
</h3>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">--attribute &lt;name&gt;</code>
</span>
</dt>
<dd>
Specifies a SAML attribute that should be
included as a <code class="literal">&lt;RequestedAttribute&gt;</code> element in the metadata. Any attribute
configured in the Elasticsearch realm is automatically included and does not need to be
specified as a commandline option.
</dd>
<dt>
<span class="term">
<code class="literal">--batch</code>
</span>
</dt>
<dd>
Do not prompt for user input.
</dd>
<dt>
<span class="term">
<code class="literal">--contacts</code>
</span>
</dt>
<dd>
Specifies that the metadata should include one or more
<code class="literal">&lt;ContactPerson&gt;</code> elements. The user will be prompted to enter the details for
each person.
</dd>
<dt>
<span class="term">
<code class="literal">-E &lt;KeyValuePair&gt;</code>
</span>
</dt>
<dd>
Configures an Elasticsearch setting.
</dd>
<dt>
<span class="term">
<code class="literal">-h, --help</code>
</span>
</dt>
<dd>
Returns all of the command parameters.
</dd>
<dt>
<span class="term">
<code class="literal">--locale &lt;name&gt;</code>
</span>
</dt>
<dd>
Specifies the locale to use for metadata elements such as
<code class="literal">&lt;ServiceName&gt;</code>. Defaults to the JVM’s default system locale.
</dd>
<dt>
<span class="term">
<code class="literal">--organisation-display-name &lt;name</code>
</span>
</dt>
<dd>
Specified the value of the
<code class="literal">&lt;OrganizationDisplayName&gt;</code> element.
Only valid if <code class="literal">--organisation-name</code> is also specified.
</dd>
<dt>
<span class="term">
<code class="literal">--organisation-name &lt;name&gt;</code>
</span>
</dt>
<dd>
Specifies that an <code class="literal">&lt;Organization&gt;</code> element should
be included in the metadata and provides the value for the <code class="literal">&lt;OrganizationName&gt;</code>.
If this is specified, then <code class="literal">--organisation-url</code> must also be specified.
</dd>
<dt>
<span class="term">
<code class="literal">--organisation-url &lt;url&gt;</code>
</span>
</dt>
<dd>
Specifies the value of the <code class="literal">&lt;OrganizationURL&gt;</code>
element. This is required if <code class="literal">--organisation-name</code> is specified.
</dd>
<dt>
<span class="term">
<code class="literal">--out &lt;file_path&gt;</code>
</span>
</dt>
<dd>
Specifies a path for the output files.
Defaults to <code class="literal">saml-elasticsearch-metadata.xml</code>
</dd>
<dt>
<span class="term">
<code class="literal">--service-name &lt;name&gt;</code>
</span>
</dt>
<dd>
Specifies the value for the <code class="literal">&lt;ServiceName&gt;</code> element in
the metadata. Defaults to <code class="literal">elasticsearch</code>.
</dd>
<dt>
<span class="term">
<code class="literal">--signing-bundle &lt;file_path&gt;</code>
</span>
</dt>
<dd>
Specifies the path to an existing key pair
(in PKCS#12 format). The private key of that key pair will be used to sign
the metadata file.
</dd>
<dt>
<span class="term">
<code class="literal">--signing-cert &lt;file_path&gt;</code>
</span>
</dt>
<dd>
Specifies the path to an existing certificate (in
PEM format) to be used for signing of the metadata file. You must also specify
the <code class="literal">--signing-key</code> parameter. This parameter cannot be used with the
<code class="literal">--signing-bundle</code> parameter.
</dd>
<dt>
<span class="term">
<code class="literal">--signing-key &lt;file_path&gt;</code>
</span>
</dt>
<dd>
Specifies the path to an existing key (in PEM format)
to be used for signing of the metadata file. You must also specify the
<code class="literal">--signing-cert</code> parameter. This parameter cannot be used with the
<code class="literal">--signing-bundle</code> parameter.
</dd>
<dt>
<span class="term">
<code class="literal">--signing-key-password &lt;password&gt;</code>
</span>
</dt>
<dd>
Specifies the password for the signing key.
It can be used with either the <code class="literal">--signing-key</code> or the <code class="literal">--signing-bundle</code> parameters.
</dd>
<dt>
<span class="term">
<code class="literal">--realm &lt;name&gt;</code>
</span>
</dt>
<dd>
Specifies the name of the realm for which the metadata
should be generated. This parameter is required if there is more than 1 <code class="literal">saml</code>
realm in your Elasticsearch configuration.
</dd>
<dt>
<span class="term">
<code class="literal">-s, --silent</code>
</span>
</dt>
<dd>
Shows minimal output.
</dd>
<dt>
<span class="term">
<code class="literal">-v, --verbose</code>
</span>
</dt>
<dd>
Shows verbose output.
</dd>
</dl>
</div>
<h3>
<a id="_examples_9"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/commands/saml-metadata.asciidoc">edit</a>
</h3>
<p>The following command generates a default metadata file for the <code class="literal">saml1</code> realm:</p>
<div class="pre_wrapper lang-sh">
<pre class="programlisting prettyprint lang-sh">bin/elasticsearch-saml-metadata --realm saml1</pre>
</div>
<p>The file will be written to <code class="literal">saml-elasticsearch-metadata.xml</code>.
You may be prompted to provide the "friendlyName" value for any attributes that
are used by the realm.</p>
<p>The following command generates a metadata file for the <code class="literal">saml2</code> realm, with a
<code class="literal">&lt;ServiceName&gt;</code> of <code class="literal">kibana-finance</code>, a locale of <code class="literal">en-GB</code> and includes
<code class="literal">&lt;ContactPerson&gt;</code> elements and an <code class="literal">&lt;Organization&gt;</code> element:</p>
<div class="pre_wrapper lang-sh">
<pre class="programlisting prettyprint lang-sh">bin/elasticsearch-saml-metadata --realm saml2 \
    --service-name kibana-finance \
    --locale en-GB \
    --contacts \
    --organisation-name "Mega Corp. Finance Team" \
    --organisation-url "http://mega.example.com/finance/"</pre>
</div>
</div>
<div class="navfooter">
<span class="prev">
<a href="node-tool.html">« elasticsearch-node</a>
</span>
<span class="next">
<a href="setup-passwords.html">elasticsearch-setup-passwords »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>